CVE-2025-7771 - "ThrottleStop.sys Kernel Memory Access Vulnerability"
CVE ID : CVE-2025-7771
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7771
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8620 - GiveWP Information Exposure Vulnerability
CVE ID : CVE-2025-8620
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8620
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46388 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-46388
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46388
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46389 - Microsoft Azure Active Directory Password Change
CVE ID : CVE-2025-46389
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-620: Unverified Password Change
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46389
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-620: Unverified Password Change
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46390 - Apache Web Server HTTP Response Manipulation Vulnerability
CVE ID : CVE-2025-46390
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-204: Observable Response Discrepancy
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46390
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-204: Observable Response Discrepancy
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46391 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-46391
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-284: Improper Access Control
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46391
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-284: Improper Access Control
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5197 - Hugging Face Transformers ReDoS Vulnerability
CVE ID : CVE-2025-5197
Published : Aug. 6, 2025, 12:15 p.m. | 2 hours, 20 minutes ago
Description : A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5197
Published : Aug. 6, 2025, 12:15 p.m. | 2 hours, 20 minutes ago
Description : A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23310 - NVIDIA Triton Inference Server Stack Buffer Overflow Vulnerability
CVE ID : CVE-2025-23310
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23310
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23311 - NVIDIA Triton Inference Server Stack Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2025-23311
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23311
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23317 - NVIDIA Triton Inference Server HTTP Server Remote Code Execution Vulnerability
CVE ID : CVE-2025-23317
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23317
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23318 - NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write
CVE ID : CVE-2025-23318
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23318
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23319 - NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write Remote Code Execution Vulnerability
CVE ID : CVE-2025-23319
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23319
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23320 - NVIDIA Triton Inference Server Memory Information Disclosure
CVE ID : CVE-2025-23320
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23320
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23321 - NVIDIA Triton Inference Server Divide by Zero Denial of Service
CVE ID : CVE-2025-23321
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23321
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23322 - NVIDIA Triton Inference Server Double Free Denial of Service Vulnerability
CVE ID : CVE-2025-23322
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23322
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23323 - NVIDIA Triton Inference Server Integer Overflow Denial of Service
CVE ID : CVE-2025-23323
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23323
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23324 - NVIDIA Triton Inference Server Integer Overflow Denial of Service
CVE ID : CVE-2025-23324
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23324
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23325 - NVIDIA Triton Inference Server Recursion Denial of Service
CVE ID : CVE-2025-23325
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23325
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23326 - NVIDIA Triton Inference Server Integer Overflow Denial of Service
CVE ID : CVE-2025-23326
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23326
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23327 - NVIDIA Triton Inference Server Integer Overflow Vulnerability
CVE ID : CVE-2025-23327
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23327
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23331 - NVIDIA Triton Inference Server Denial of Service (DoS)
CVE ID : CVE-2025-23331
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23331
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...